LDAP authentication, 11g and Access Control Lists (ACL)

David Giles, Aug 13 2008 — edited Feb 22 2012
Hi,

I've been using LDAP as an authentication mechanism in Apex 3.0/3.1 on 10g (10.2.0.3) for a while and, once over the initial set-up, it's worked fine. However, the same configuration with 11g (11.1.0.6) is throwing up some interesting issues:

1) the LDAP test tool now errors with:

ORA-24247: network access denied by access control list (ACL)
ERR-10412 Unable to run edit ldap user function.

I've tried resolving this with DBMS_NETWORK_ACL_ADMIN.CREATE_ACL to create the appropriate privileges, but without success. If anyone has a 'howto' for this it'd be much appreciated (I may well be missing something trivial).

2) whereas previously I could use the hostname of the LDAP server to connect for authentication, I can now only get the LDAP authentication working if I use the IP address of the server; I've had to change to this in both the LDAP host definition on the LDAP config page and within the Username Edit Function.

I was thinking that this may be a DNS lookup issue. Calling utl_inaddr.get_host_address without the appropriate ACL setup does fail and, with the right ACL set up, does work - but the LDAP test tool is still failing and it also doesn't allow me to use the hostname in the LDAP config. One possibility here is that I've not granted to the appropriate user, though I've tried for both anonymous and the workspace owner, both without success.

Any help with this issue would be greatly appreciated.

Thanks.
Locked on Mar 21 2012
Added on Aug 13 2008
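
An added example, not part of the original post: one least-privilege way to set up 11g network ACLs for the two operations the post describes, the LDAP connection and the hostname lookup. The principal FLOWS_030100 (assumed to be the schema that owns the APEX 3.1 installation), the host ldap.example.com, port 389 and the ACL file names are all assumptions to be replaced with local values.

```sql
-- Added example (run as a DBA). Assumed values: FLOWS_030100 as the APEX
-- schema owner, ldap.example.com as the LDAP host exactly as entered in the
-- APEX LDAP settings, 389 as the LDAP port.
BEGIN
  -- ACL 1: 'connect' only, limited to the LDAP port on the LDAP host.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'apex_ldap_connect.xml',
    description => 'APEX LDAP authentication: connect',
    principal   => 'FLOWS_030100',   -- principal names are case-sensitive
    is_grant    => TRUE,
    privilege   => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'apex_ldap_connect.xml',
    host       => 'ldap.example.com',
    lower_port => 389,
    upper_port => 389);

  -- ACL 2: 'resolve' only (needed by UTL_INADDR lookups). The resolve
  -- privilege has no effect on an assignment that carries a port range,
  -- so this assignment is made without one.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
    acl         => 'apex_ldap_resolve.xml',
    description => 'APEX LDAP authentication: resolve',
    principal   => 'FLOWS_030100',
    is_grant    => TRUE,
    privilege   => 'resolve');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl  => 'apex_ldap_resolve.xml',
    host => 'ldap.example.com');

  COMMIT;  -- ACL changes are transactional
END;
/

-- Verify which ACL covers which host/port, and who holds which privilege.
SELECT host, lower_port, upper_port, acl
  FROM dba_network_acls
 ORDER BY host, lower_port;

SELECT acl, principal, privilege, is_grant
  FROM dba_network_acl_privileges
 WHERE principal = 'FLOWS_030100';
```

Splitting the two privileges keeps the grant narrow: the port-specific assignment allows connections to 389 only, while the port-less assignment carries nothing but name resolution.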